Wednesday, May 8, 2013

[USN-1820-1] gpsd vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRipySAAoJEGVp2FWnRL6TF40P+wWMwiFMZOkgWswyhwMFFVhE
pPl1vrTmfysJ2aXEHo6uUR2iU0aXQqrOo/6Z15IQWy/Mcx3n5xEXJHXEq8PTJmUA
tCXZGO9b+zftdNBX16/UAAfHhPJHoqDD+9aVU2bX9N+3EX7jsE1BjnYuMkp9WPfx
GyIDa0OZeYH2aQ/0K7/Sqh3bas972qMOsx3GCB+Qe51ckOwTuGlf9MGp8AqC/rgm
+lruh/QxuKIFuu/pLqaVsJW7Gk38vMpfXM4wPUFrblDRrFa0jASvQAkqoJWyNwik
q1IRQwkUdGCjYMx3acxqQ12mciH1T7q/WaV8abOhmK8WDqfLaxtYfU7XVrTG0kSt
ptXtiHlZc9HtMqcOZmnB008FJuQMjHjS0I/qGAL+aloISmtiKojRll63gtS8WtwQ
zHylQtX1u5TWHSB5fzwpGLJ2ln2h6yFYpHk+nRLsytAPNvuAaz6s/Vamzd3osTNn
AY78AS4ABVMYjC3/RHGyLcwwYTp9q5t3VRpm1LRwEP3brY4pZ/KyevIiBJ1si6h2
t+MSWU6uJNswlpXvZp4K7Vb1CCmtkBPQaj7EpruZP/Wk2UC2lWzQZEgTND2fppNw
4CrOChbE6yf/T1aBpS0r1yUOlC+V4FZFuMi9ViDiso0KkgIFJd5P2PSaPEF4pHrF
nH+XBK7uZhQE7mVA3LLm
=CIOg
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1820-1
May 08, 2013

gpsd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

gpsd could be made to crash or possibly run programs if it received
specially crafted input.

Software Description:
- gpsd: Global Positioning System - daemon

Details:

It was discovered that gpsd incorrectly handled certain malformed GPS data.
An attacker could use this issue to cause gpsd to crash, resulting in a
denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
gpsd 3.4-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1820-1
CVE-2013-2038

Package Information:
https://launchpad.net/ubuntu/+source/gpsd/3.4-2ubuntu0.1

No comments:

Post a Comment